Simple Log Service uses Key Management Service (KMS) to encrypt stored data, ensuring secure storage. It also provides encrypted transmission through Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to protect data from potential security risks in the cloud.
Server-side encryption
Simple Log Service supports the following two encryption mechanisms:
Encryption using service keys provided by Simple Log Service
Simple Log Service generates an independent data encryption key for each logstore to encrypt data. This encryption key never expires.
The AES algorithm (default) and SM4 encryption algorithm are supported.
Encryption using Bring Your Own Key (BYOK)
You can create a customer master key (CMK) in the KMS console and grant Simple Log Service the necessary permissions. Simple Log Service uses this CMK to create keys for data encryption when it calls the KMS interface. If your CMK is deleted or disabled, the BYOK key becomes invalid.
ImportantAfter the CMK generated by KMS BYOK becomes invalid, all read and write requests on the logstore will fail.
For more information, see Data encryption.
Encrypted transmission based on SSL or TLS
Simple Log Service can be accessed over HTTP or HTTPS. SSL or TLS ensures the security and integrity of data transmitted between applications.
Encrypted transmission based on Logtail
Logtail is an agent used by Simple Log Service to collect logs. To protect your data during transmission, Logtail uses HTTPS to obtain private tokens from the server and signs all log data packets.
Encrypted transmission based on SDKs
Simple Log Service offers SDKs in various programming languages, including Java, Python, .NET, PHP, and C. These SDKs let you read from and write to Simple Log Service using HTTPS.